Alex Wong, the Judicial Branch SITO, briefed the Committee on Legislative Modernization on cybersecurity and IT modernization steps the branch completed and those still in progress.

Wong said the branch has “installed the…endpoint detection and response services” using CrowdStrike and created a disaster recovery site in Johnson County. He told the committee that the branch migrated public websites and email addresses from kscourt.org to kscourt.gov, calling the .gov transition “part of SB 291 compliance.”

The nut graf: The Judicial Branch described technical and organizational work intended to reduce security risk and meet requirements from last year’s Senate Bill 291, including endpoint detection, network segmentation, multifactor authentication and a formal CISA assessment scheduled for the week of the hearing.

Wong summarized completed work: 24/7 endpoint monitoring with CrowdStrike on servers and workstations; an off-site disaster-recovery location to complement the Topeka Judicial Center; an upgrade to the electronic filing system; and the recent .gov migration for public websites and email accounts. “We also change all our email addresses from .kscourt.org into kscourt.gov,” Wong said.

He described in-process projects that affect public access and case management: a digital evidence management system, a new jury management system, and upgrades or vendor selection for the public access portal. Wong said internal-facing upgrades include a refreshed judicial public website and a budget dashboard intended to improve OJA staff access to enterprise data.

On security controls, Wong said the branch has implemented network segmentation to limit the scope of incidents, a formal change-control process, training measures, multifactor authentication, and foundational programs for vulnerability management, asset intelligence and real-time network scanning. He added the branch is creating an air-gapped secondary backup system.

Stephanie Smith, Judicial Administrator for the Judicial Branch, later asked the committee to clarify two points in proposed legislation (House Bill 2,270). Smith said the Judicial Branch has historically controlled its own cloud computing choices and telecommunication procurement and requested explicit exemptions for the branch in sections 3 and 4 of the bill. “As a separate branch of government, the judicial branch controls its own cloud computing and makes those decisions based on our current funding structure,” Smith said.

Wong and Smith emphasized that some decisions are constrained by appropriations and by the branch’s separate status; their requested clarifications would preserve judicial autonomy over cloud and telecom procurement while the branch continues implementing SB 291 requirements.

The presentation closed when Wong invited questions and committee members followed with procedural and technical queries about continuity-of-operations and the scope of the scheduled CISA review.

Ending: The branch said it had already scheduled the CISA audit for mid-week and stood ready to answer follow-up questions; Smith said the Judicial Branch would provide proposed statutory language to clarify its carve-outs for cloud and telecom procurement.